Show TOC

Configuring SAPGENPSE for UseLocate this document in the navigation structure


If you are configuring and using the cryptography tool SAPGENPSE, you should be aware of which files you require and know where they are stored. These files are not only required initially for the authentication of the communication partner. They are also required during data transmission in order to encode the data and ensure data integrity. This means that the files must be stored in particular places so that the system can find them and access them at runtime.

  • You have logged on with the <SAPSID>adm user. This is the operating system user for TREX administration.

  • You have downloaded the SAP Cryptographic Library from the SAP Service Marketplace and unpacked the contained data.

Required Files



sapcrypto.dll (library)

sapgenpse.exe (executable file)

libsapcrypto.<ext>, for example, for the operating system SUN OS 5.8.

sapgenpse (executable file).

ticket (license ticket)

ticket (license ticket)


Keystore for server certificates



Keystore for client certificates



Anonymous keystore



Keystore for SNC communication



You create the keystores SAPSSLS.pse, SAPSSLC.pse, and SAPSSNCS.pse using the cryptography tool SAPGENPSE. These are not part of the SAP Cryptographic Library installation package.


You need a SECUDIR system environment variable on Windows and a SECUDIR environment variable on UNIX in order to store the license ticket ( ticket) and the generated keystores ( SAPSSLS.pse, SAPSSLC.pse, SAPSSLA.pse, and SAPSNCS.pse). Set up the variable by checking existing environment variables and creating SECUDIR if it does not already exist. You then store the files in the recommended storage locations. On UNIX the needed variables are set automatically by a shell script.

The procedure is basically the same on Windows and UNIX:

  1. First check whether the system environment variable SECUDIR already exists (Windows only) as a result of a previous security configuration.

  2. If it does not exist, create the (system) environment variable SECUDIR and the corresponding directory (Windows only).

  3. Store the relevant files in the directories that already existed or that you just created.

  4. Enable CPE (Central Patch Environment) support for TREX security.

  5. Start the cryptography tool SAPGENPSE using a prompt.

The procedures for Windows and UNIX are described in the following sections: